I am implementing a password vault program with java. I have programmed a triple DES for encryption and a SHA256 for hashing.

My question is would it make any difference if I first hash the raw data (password) and then encrypt it, or first encrypt the data (password) then hash the encrypted data. I am mostly concerned about, would it make any serious changes in terms of security.

since this is a password vault, I assume you trying to get your passwords back out as plaintext? What are you trying to achieve with the hash in this case?
–
Peter ElliottMar 13 '13 at 15:31

@PeterElliott The thing is, the passwords are stored in an XML file(which is stored locally), and the XML file keeps the encrypted data in it. The hash (MAC) is used just to make sure the any of passwords has been changed by an attacker or not.
–
EkinMar 13 '13 at 15:37

a raw hash algorithm is not a MAC scheme, and will not provide the security of a MAC. Additionally, why are you using 3DES instead of AES?
–
Peter ElliottMar 13 '13 at 15:51

1 Answer
1

Per your comment, you do not want to use just a hash as a message authentication code. There are hash-based MACs (appropriately called HMACs) that are proper for this application. in this case, you probably want to use HMAC-SHA256. Also keep in mind you will need a separate key for your MAC (using the same key for encryption and MACs is a big no-no).

But on your question itself, your question boils down to Encrypt-then-MAC vs MAC-then-Encrypt. Per this Crypto.SE answer, the best course of action is Encrypt-then-MAC, as long as you ensure that you MAC everything about the ciphertext, including the IV and an algorithm identifier if you allow ecryption alogrithms other than 3DES. You get ciphertext and plaintext integrity, and don't have to go through the process of decryption to verify the plaintext.

You absolutely right of using separate keys for encryption and MAC. Probably I might take your advise of using AES to speed the performance. Also I just find another link Encrypt-then-MACand I think the "Encrypt-then-MAC" case seems to fit my case. Thanks!
–
EkinMar 13 '13 at 15:55